New Android Trojan Records Data Entered in Banking Apps

A new version of the BianLian malware has emerged, with cybercriminals modifying the trojan to include additional features for attacking banking applications. Experts at Fortinet have thoroughly analyzed this latest variant.

According to specialists, BianLian can now record the screen of Android devices, which helps cybercriminals steal users’ online banking credentials. During installation, BianLian attempts to obtain permission to use Accessibility Services. Once the user grants access, the attack phase begins.

The malware can record any windows of financial applications using a screencast module, for which BianLian requires separate permissions in the Android system. As a result, the entire process of entering usernames, passwords, and payment card details is recorded and sent to the attackers.

Previously, BianLian functioned as a dropper for another piece of malware called Anubis. Its original features allow it to evade detection by various security mechanisms. For example, BianLian can infiltrate Google Play.

According to Fortinet’s report, the following is a list of targeted banking applications:

• (List not provided in the original article.)